NTIA: Facial Recognition Guidelines Should Focus on Commercial Use

The National Telecommunications & Information Administration is going to try to focus its process for coming up with enforceable facial recognition privacy standards on commercial, rather than government use.

That was the signal early on in Tuesday's second stakeholder meeting, but it got some pushback from a number of privacy groups, including the ACLU and Center for Digital Democracy, who said the two were so intertwined that it was important early on to get a handle on how government uses that info.

Jeff Chester of the Center for Digital Democracy pressed the point that the guideline process needs to look at the dual structure of commercial and government use since commercial data is also shared with the government.

Chester said it was crucial to get "under the hood" of information flows of facial recognition technologies and their use by both the commercial and government sectors. He said that should be the guiding principle of the discussion and was a quid pro quo for being able to give meaningful consent.

Chris Calabrese from ACLU seconded Chester, and pointed out that what the Department of Justice or police do with facial recognition data affects whether he would want to be party to the commercial application. Susan Grant of the Consumer Federation of America added that it would clearly be a factor in notice and consent.

John Morris, associate administrator and director of Internet policy at NTIA's Office of Policy Analysis Development, moderated the first part of the meeting. He said he agreed that government use was likely going to be part of the discussion down the line, and was certainly a legitimate question. But he said he wanted to first concentrate on getting voluntary guidelines on commercial use, and then, if there is progress down that road, get into the government-use discussion.

Steve DelBianco of Netchoice, whose members include ebay. Yahoo!, Facebook and 21st Century Fox, said everybody should just stipulate at the outset that whatever commercial entities could get access to via facial recognition regimes, and however they used that info, the government could also get access. If the dual-use question is can government access it and use it, the answer is "yes," he said, so there was no need for a deep dive into how. He said just assume the government can get everything with a court order, and that the issue then has nothing to do with consent.

He pointed out that companies are bound by terms of service to follow court orders for info, and they would otherwise "love" to report on what they have to give up under court order.

Morris did say that in some cases government use may be an element in the code of conduct, but at the outset he wanted to make clear that the focus was on a commercial code.